A few days ago Kelly Shortridge, a product manager at SecurityScorecard detected some unexpected behavior on her PC, as a honeypot Canarytoken reported being accessed by Chrome.exe. That's not what you'd expect from a web browser normally, except for one thing -- Google did add some antivirus-y capabilities to its browser on Windows late last year as an enhancement to its Chrome Cleanup tool that can help reset hijacked settings. Google Chrome security lead Justin Schuh explained how the feature works and pointed to some documentation about it, and that was that -- until last night.

Quote

If you are hitting this issue and you want a fix right now then go to chrome://downloads in your browser, go to the menu in the top right, and select Clear All. That will clear Chrome’s list of downloaded files so that it won’t have any files to existence-check at startup. If you have a large list of downloaded files then this will improve startup time slightly.– Justin Schuh

It turns out the "AV scanning" wasn't that at all, and what it was doing could affect you right now. It turns out that Chrome is checking the integrity of downloaded files at startup, and a bug leads it to that particular folder. It relies on the Downloaded History list for this check, and if you have a lot of files in there, it could slow down your computer when you start Chrome. While the dev team is working to skip the check entirely in a future update, users worried about it can fix it by clearing their download history. Easy, right?

Unwanted software protection

The Windows version of Chrome is able to detect and remove certain types of software that violate Google's Unwanted Software Policy. If left in your system, this software may perform unwanted actions, such as changing your Chrome settings without your approval.

Chrome periodically scans your device to detect potentially unwanted software. In addition, if you have opted in to automatically report details of possible security incidents to Google, Chrome will report information about unwanted software, including relevant file metadata and system settings linked to the unwanted software found on your computer.

If you perform an unwanted software check on your computer from the Settings page, Chrome reports information about unwanted software and your system. System information includes metadata about programs installed or running on your system that could be associated with harmful software, such as services and processes, scheduled tasks, system registry values commonly used by malicious software, Windows proxy settings, and software modules loaded into Chrome or the network stack. You can opt out of sharing this data by deselecting the checkbox next to "Report details to Google" before starting the scathe n.

If unwanted software is detected, Chrome will offer you an option to remove the software by using the Chrome Cleanup Tool. The Chrome Cleanup Tool also reports information about unwanted software and your system to Google, and again you can opt out of sharing this data by deselecting the checkbox next to "Report details to Google" before starting the cleanup.

This data is used for the purpose of improving Google's ability to detect unwanted software and offer better protection to Chrome users. It is used in accordance with Google's Privacy Policy and is stored for up to 14 days, after which only aggregated statistics are retained.